[
https://issues.apache.org/jira/browse/GORA-642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Ratnasekera updated GORA-642:
-----------------------------------
Description:
This is a security fix for a vulnerability in Apache Maven pom.xml file(s).
The build files indicate that this project is resolving dependencies over HTTP
instead of HTTPS. This leaves build vulnerable to allowing a Man in the Middle
(MITM) attackers to execute arbitrary code on local computer or CI/CD system.
was:
This is a security fix for a vulnerability in Apache Maven pom.xml file(s).
The build files indicate that this project is resolving dependencies over HTTP
instead of HTTPS. This leaves your build vulnerable to allowing a Man in the
Middle (MITM) attackers to execute arbitrary code on your or your computer or
CI/CD system.
> Use HTTPS to resolve dependencies in Maven Build
> ------------------------------------------------
>
> Key: GORA-642
> URL: https://issues.apache.org/jira/browse/GORA-642
> Project: Apache Gora
> Issue Type: Improvement
> Components: build process
> Affects Versions: 0.9
> Reporter: Kevin Ratnasekera
> Assignee: Kevin Ratnasekera
> Priority: Major
> Fix For: 1.0
>
>
> This is a security fix for a vulnerability in Apache Maven pom.xml file(s).
> The build files indicate that this project is resolving dependencies over
> HTTP instead of HTTPS. This leaves build vulnerable to allowing a Man in the
> Middle (MITM) attackers to execute arbitrary code on local computer or CI/CD
> system.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
